Security update for TYPO3 released

The TYPO3 developers have closed several holes in their content management system. The current versions are now 4.2.12 and 4.3.2. In their security bulletin, the developers say that the previous version's backend may disclose other users' non-public data to attackers who hold valid accounts. Furthermore, both the frontend and the backend are vulnerable to various cross-site scripting attacks.

If the "saltedpasswords" extension is installed in versions 4.3.0 and 4.3.1, the frontend potentially even grants access to unauthenticated attackers – ironically, this particularly affects security-conscious administrators. TYPO3 admins are, therefore, advised to install the update as soon as possible.